The Cybersecurity Strategy of France starts speaking about how
threats are moving quickly to cyber spying, cybercrime,
destabilization, and cyber sabotage. For instance, the strategy
highlights the Operation Aurora and Mandiant reports where United
States organizations were attacked from China. It also highlights the
darkweb for cybercrime, and social networks for terrorism and
political destabilization. The strategy makes also reference other
cyber operations such as Stuxnet,
NotPetya, DDoS
attacks, etc.

Action de sabotage informatique

The main actions and the operation modes of cyber attacks are also
discussed into the cyber strategy. In fact, we can read, and see an
example, of the four phases of a cyber attack: Reconnaissance,
Intrusion, Malware Insertion, and Exploitation. In addition, we can
read about the attacker infrastructure needed for a cyber attack such
as C&C servers and exploitation toolkit. The threat structure is
also commented into the strategy where we can read an overview of
lots of cyber attacks (Shamoon, Carbanak, WannaCry, etc)

Exfiltration de données par envoi d'un courriel piégé

This
Cybersecurity Strategy has also into account the vulnerabilities.
It’s said that the National Security is insufficient because there
are increasingly more and more digital services, which could have
vulnerabilities, and therefore there is more risk for the State. For
instance, a vulnerability into an important system, like the Swift
System for worldwide payments, can be able to break the reputation of
the system.

Resilience
for mitigating risks of cyber attacks is also into this strategy. How
can we get resiliency? Integrating cybersecurity into organizations,
considering security throughout the information system lifecycle,
knowing technologies and threats, and considering active defenses.

Cycle de vie de la sécurité d'un systéme d'information

There are
many other sections in this first part of the Cybersecurity Strategy
of France such as international regulation, which is not too good, or
cybersecurity models for protection. I think the review of dangers of
the cyber world in this strategy is very complete with lots of
examples, concepts and references. I like it!!